summaryrefslogtreecommitdiff
path: root/source3/libsmb/ntlmssp_parse.c
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2008-02-01 14:24:31 -0500
committerSimo Sorce <idra@samba.org>2008-02-01 14:24:31 -0500
commit2fffc9a1b1fe2a1490e867bb38462e50c282d2b3 (patch)
tree428e09c9b35138db8b7ca7161c659a71aa129d29 /source3/libsmb/ntlmssp_parse.c
parent93a3c5b3f9927973b4ad1496f593ea147052d1e1 (diff)
parentb708005a7106db26d7df689b887b419c9f2ea41c (diff)
downloadsamba-2fffc9a1b1fe2a1490e867bb38462e50c282d2b3.tar.gz
samba-2fffc9a1b1fe2a1490e867bb38462e50c282d2b3.tar.bz2
samba-2fffc9a1b1fe2a1490e867bb38462e50c282d2b3.zip
Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
(This used to be commit 7dbfc7bdc65314466a83e8121b35c9bcb24b2631)
Diffstat (limited to 'source3/libsmb/ntlmssp_parse.c')
-rw-r--r--source3/libsmb/ntlmssp_parse.c23
1 files changed, 19 insertions, 4 deletions
diff --git a/source3/libsmb/ntlmssp_parse.c b/source3/libsmb/ntlmssp_parse.c
index ac8846ad1e..70377cba7d 100644
--- a/source3/libsmb/ntlmssp_parse.c
+++ b/source3/libsmb/ntlmssp_parse.c
@@ -170,6 +170,7 @@ bool msrpc_gen(DATA_BLOB *blob,
/* a helpful macro to avoid running over the end of our blob */
#define NEED_DATA(amount) \
if ((head_ofs + amount) > blob->length) { \
+ va_end(ap); \
return False; \
}
@@ -216,16 +217,20 @@ bool msrpc_parse(const DATA_BLOB *blob,
if ((len1 != len2) || (ptr + len1 < ptr) ||
(ptr + len1 < len1) ||
(ptr + len1 > blob->length)) {
+ va_end(ap);
return false;
}
if (len1 & 1) {
/* if odd length and unicode */
+ va_end(ap);
return false;
}
if (blob->data + ptr <
(uint8 *)(unsigned long)ptr ||
- blob->data + ptr < blob->data)
+ blob->data + ptr < blob->data) {
+ va_end(ap);
return false;
+ }
if (0 < len1) {
char *p = NULL;
@@ -261,13 +266,16 @@ bool msrpc_parse(const DATA_BLOB *blob,
if ((len1 != len2) || (ptr + len1 < ptr) ||
(ptr + len1 < len1) ||
(ptr + len1 > blob->length)) {
+ va_end(ap);
return false;
}
if (blob->data + ptr <
(uint8 *)(unsigned long)ptr ||
- blob->data + ptr < blob->data)
+ blob->data + ptr < blob->data) {
+ va_end(ap);
return false;
+ }
if (0 < len1) {
char *p = NULL;
@@ -304,13 +312,16 @@ bool msrpc_parse(const DATA_BLOB *blob,
if ((len1 != len2) || (ptr + len1 < ptr) ||
(ptr + len1 < len1) ||
(ptr + len1 > blob->length)) {
+ va_end(ap);
return false;
}
if (blob->data + ptr <
(uint8 *)(unsigned long)ptr ||
- blob->data + ptr < blob->data)
+ blob->data + ptr < blob->data) {
+ va_end(ap);
return false;
+ }
*b = data_blob(blob->data + ptr, len1);
}
@@ -322,6 +333,7 @@ bool msrpc_parse(const DATA_BLOB *blob,
NEED_DATA(len1);
if (blob->data + head_ofs < (uint8 *)head_ofs ||
blob->data + head_ofs < blob->data) {
+ va_end(ap);
return false;
}
@@ -337,7 +349,8 @@ bool msrpc_parse(const DATA_BLOB *blob,
s = va_arg(ap, char *);
if (blob->data + head_ofs < (uint8 *)head_ofs ||
- blob->data + head_ofs < blob->data) {
+ blob->data + head_ofs < blob->data) {
+ va_end(ap);
return false;
}
@@ -351,11 +364,13 @@ bool msrpc_parse(const DATA_BLOB *blob,
blob->length - head_ofs,
STR_ASCII|STR_TERMINATE);
if (ret == (size_t)-1 || p == NULL) {
+ va_end(ap);
return false;
}
head_ofs += ret;
if (strcmp(s, p) != 0) {
TALLOC_FREE(p);
+ va_end(ap);
return false;
}
TALLOC_FREE(p);